gcloud compute instance-templates create - create a Compute Engine virtual machine instance template

gcloud compute instance-templates createNAME[--accelerator=[count=COUNT],[type=TYPE]][--no-boot-disk-auto-delete][--boot-disk-device-name=BOOT_DISK_DEVICE_NAME][--boot-disk-interface=BOOT_DISK_INTERFACE][--boot-disk-provisioned-iops=BOOT_DISK_PROVISIONED_IOPS][--boot-disk-provisioned-throughput=BOOT_DISK_PROVISIONED_THROUGHPUT][--boot-disk-size=BOOT_DISK_SIZE][--boot-disk-type=BOOT_DISK_TYPE][--can-ip-forward][--configure-disk=[PROPERTY=VALUE,…]][--create-disk=[PROPERTY=VALUE,…]][--description=DESCRIPTION][--discard-local-ssds-at-termination-timestamp=DISCARD_LOCAL_SSDS_AT_TERMINATION_TIMESTAMP][--disk=[auto-delete=AUTO-DELETE],[boot=BOOT],[device-name=DEVICE-NAME],[interface=INTERFACE],[mode=MODE],[name=NAME]][--[no-]enable-nested-virtualization][--[no-]enable-uefi-networking][--external-ipv6-address=EXTERNAL_IPV6_ADDRESS][--external-ipv6-prefix-length=EXTERNAL_IPV6_PREFIX_LENGTH][--host-error-timeout-seconds=HOST_ERROR_TIMEOUT_SECONDS][--instance-template-region=INSTANCE_TEMPLATE_REGION][--instance-termination-action=INSTANCE_TERMINATION_ACTION][--internal-ipv6-address=INTERNAL_IPV6_ADDRESS][--internal-ipv6-prefix-length=INTERNAL_IPV6_PREFIX_LENGTH][--ipv6-network-tier=IPV6_NETWORK_TIER][--key-revocation-action-type=POLICY][--labels=[KEY=VALUE,…]][--local-ssd=[device-name=DEVICE-NAME],[interface=INTERFACE],[size=SIZE]][--local-ssd-recovery-timeout=LOCAL_SSD_RECOVERY_TIMEOUT][--machine-type=MACHINE_TYPE][--maintenance-policy=MAINTENANCE_POLICY][--max-run-duration=MAX_RUN_DURATION][--metadata=KEY=VALUE,[KEY=VALUE,…]][--metadata-from-file=KEY=LOCAL_FILE_PATH,[…]][--min-cpu-platform=PLATFORM][--min-node-cpu=MIN_NODE_CPU][--network=NETWORK][--network-interface=[PROPERTY=VALUE,…]][--network-performance-configs=[PROPERTY=VALUE,…]][--network-tier=NETWORK_TIER][--performance-monitoring-unit=PERFORMANCE_MONITORING_UNIT][--preemptible][--private-ipv6-google-access-type=PRIVATE_IPV6_GOOGLE_ACCESS_TYPE][--private-network-ip=PRIVATE_NETWORK_IP][--provisioning-model=PROVISIONING_MODEL][--region=REGION][--resource-manager-tags=[KEY=VALUE,…]][--resource-policies=[RESOURCE_POLICY,…]][--no-restart-on-failure][--shielded-integrity-monitoring][--shielded-secure-boot][--shielded-vtpm][--[no-]skip-guest-os-shutdown][--source-instance=SOURCE_INSTANCE][--source-instance-zone=SOURCE_INSTANCE_ZONE][--stack-type=STACK_TYPE][--subnet=SUBNET][--tags=TAG,[TAG,…]][--termination-time=TERMINATION_TIME][--threads-per-core=THREADS_PER_CORE][--turbo-mode=TURBO_MODE][--visible-core-count=VISIBLE_CORE_COUNT][--address=ADDRESS    |--no-address][--boot-disk-kms-key=BOOT_DISK_KMS_KEY :--boot-disk-kms-keyring=BOOT_DISK_KMS_KEYRING--boot-disk-kms-location=BOOT_DISK_KMS_LOCATION--boot-disk-kms-project=BOOT_DISK_KMS_PROJECT][--confidential-compute    |--confidential-compute-type=CONFIDENTIAL_COMPUTE_TYPE][--custom-cpu=CUSTOM_CPU--custom-memory=CUSTOM_MEMORY :--custom-extensions--custom-vm-type=CUSTOM_VM_TYPE][--image-project=IMAGE_PROJECT--image=IMAGE    |--image-family=IMAGE_FAMILY][--node=NODE    |--node-affinity-file=PATH_TO_FILE    |--node-group=NODE_GROUP][--reservation=RESERVATION--reservation-affinity=RESERVATION_AFFINITY; default="any"][--scopes=[SCOPE,…]    |--no-scopes][--service-account=SERVICE_ACCOUNT    |--no-service-account][--service-proxy=[enabled],[access-log=ACCESS-LOG],[network=NETWORK],[proxy-port=PROXY-PORT],[serving-ports=SERVING-PORTS],[tracing=TRACING]--service-proxy-labels=[KEY=VALUE, …,…]][GCLOUD_WIDE_FLAG …]

NAME

Name of the instance template to create.

--accelerator=[count=COUNT],[type=TYPE]

Attaches accelerators (e.g. GPUs) to the instances.

type

The specific type (e.g. nvidia-tesla-t4 for NVIDIA T4) of accelerator to attachto the instances. Use 'gcloud compute accelerator-types list' to learn about allavailable accelerator types.

count

Number of accelerators to attach to each instance. The default value is 1.

--boot-disk-auto-delete

Automatically delete boot disks when their instances are deleted. Enabled bydefault, use--no-boot-disk-auto-delete to disable.

--boot-disk-device-name=BOOT_DISK_DEVICE_NAME

The name the guest operating system will see for the boot disk. This option canonly be specified if a new boot disk is being created (as opposed to mounting anexisting persistent disk).

--boot-disk-interface=BOOT_DISK_INTERFACE

Indicates the interface to use for the boot disk. The value must be one of thefollowing:

• SCSI
• NVME

--boot-disk-provisioned-iops=BOOT_DISK_PROVISIONED_IOPS

Indicates how many IOPS to provision for the disk. This sets the number of I/Ooperations per second that the disk can handle.

--boot-disk-provisioned-throughput=BOOT_DISK_PROVISIONED_THROUGHPUT

Indicates how much throughput to provision for the disk. This sets the number ofthroughput mb per second that the disk can handle.

--boot-disk-size=BOOT_DISK_SIZE

The size of the boot disk. This option can only be specified if a new boot diskis being created (as opposed to mounting an existing persistent disk). The valuemust be a whole number followed by a size unit ofKB for kilobyte,MB for megabyte,GB for gigabyte, orTB for terabyte. For example,10GB will produce a 10 gigabyte disk. Disksize must be a multiple of 1 GB. Default size unit isGB.

--boot-disk-type=BOOT_DISK_TYPE

The type of the boot disk. This option can only be specified if a new boot diskis being created (as opposed to mounting an existing persistent disk). To get alist of available disk types, run$gcloud compute disk-typeslist.

--can-ip-forward

If provided, allows the instances to send and receive packets with non-matchingdestination or source IP addresses.

--configure-disk=[PROPERTY=VALUE,…]

This option has effect only when used with--source-instance. Itallows you to override how the source-instance's disks are defined in thetemplate.

device-name

Name of the device for which the configuration is being overridden.

auto-delete

Iftrue, this persistent disk will be automatically deleted whenthe instance is deleted. However, if the disk is detached from the instance,this option won't apply. If not provided, the setting is copied from the sourceinstance. Allowed values of the flag are:false,no,true, andyes.

instantiate-from

Specifies whether to include the disk and which image to use. Valid values are:attach-read-only, blank, custom-image, do-not-include, source-image,source-image-family

custom-image

The custom image to use if custom-image is specified for instantiate-from.

--create-disk=[PROPERTY=VALUE,…]

Creates and attaches persistent disks to the instances.

name

Specifies the name of the disk. This option cannot be specified if more than oneinstance is being created.

description

Optional textual description for the disk being created.

mode

Specifies the mode of the disk. Supported options arero for read-only andrw for read-write. If omitted,rw is used as a default.

image

Specifies the name of the image that the disk will be initialized with. A newdisk will be created based on the given image. To view a list of public imagesand projects, run$gcloud compute imageslist. It is best practice to use image when a specific version of animage is needed. If both image and image-family flags are omitted a blank diskwill be created.

image-family

The image family for the operating system that the boot disk will be initializedwith. Compute Engine offers multiple Linux distributions, some of which areavailable as both regular and Shielded VM images. When a family is specifiedinstead of an image, the latest non-deprecated image associated with that familyis used. It is best practice to use --image-family when the latest version of animage is needed.

image-project

The Google Cloud project against which all image and image family referenceswill be resolved. It is best practice to define image-project. A full list ofavailable image projects can be generated by runninggcloud compute imageslist.

• If specifying one of our public images, image-project must be provided.
• If there are several of the same image-family value in multiple projects,image-project must be specified to clarify the image to be used.
• If not specified and either image or image-family is provided, the currentdefault project is used.

size

The size of the disk. The value must be a whole number followed by a size unitofKB for kilobyte,MB for megabyte,GB for gigabyte, orTB for terabyte. For example,10GB will produce a 10 gigabyte disk. Disksize must be a multiple of 1 GB. If not specified, the default image size willbe used for the new disk.

type

The type of the disk. To get a list of available disk types, run $gcloud compute disk-typeslist. The default disk type ispd-standard.

device-name

An optional name to display the disk name in the guest operating system. Ifomitted, a device name of the formpersistent-disk-N is used.

provisioned-iops

Indicates how many IOPS to provision for the disk. This sets the number of I/Ooperations per second that the disk can handle. Value must be between 10,000 and120,000.

provisioned-throughput

Indicates how much throughput to provision for the disk. This sets the number ofthroughput mb per second that the disk can handle.

disk-resource-policy

Resource policy to apply to the disk. Specify a full or partial URL. Forexample:

• https://www.googleapis.com/compute/v1/projects/my-project/regions/us-central1/resourcePolicies/my-resource-policy
• projects/my-project/regions/us-central1/resourcePolicies/my-resource-policy

For more information, see the following docs:

• https://cloud.google.com/sdk/gcloud/reference/beta/compute/resource-policies/
• https://cloud.google.com/compute/docs/disks/scheduled-snapshots

auto-delete

Ifyes, this persistent disk will beautomatically deleted when the instance is deleted. However, if the disk islater detached from the instance, this option won't apply. The default value forthis isyes.

architecture

Specifies the architecture or processor type that this disk can support. Foravailable processor types on Compute Engine, seehttps://cloud.google.com/compute/docs/cpu-platforms.

storage-pool

The name of the storage pool in which the new disk is created. The new disk andthe storage pool must be in the same location.

interface

The interface to use with the disk. The value must be one of the following:

• SCSI
• NVME

boot

Ifyes, indicates that this is a boot disk.The instance will use the first partition of the disk for its root file system.The default value for this isno.

kms-key

Fully qualified Cloud KMS cryptokey name that will protect the disk.

This can either be the fully qualified path or the name.

The fully qualified Cloud KMS cryptokey name format is:projects/<kms-project>/locations/<kms-location>/keyRings/<kms-keyring>/cryptoKeys/<key-name>.

If the value is not fully qualified then kms-location, kms-keyring, andoptionally kms-project are required.

Seehttps://cloud.google.com/compute/docs/disks/customer-managed-encryptionfor more details.

kms-project

Project that contains the Cloud KMS cryptokey that will protect the disk.

If the project is not specified then the project where the disk is being createdwill be used.

If this flag is set then key-location, kms-keyring, and kms-key are required.

Seehttps://cloud.google.com/compute/docs/disks/customer-managed-encryptionfor more details.

kms-location

Location of the Cloud KMS cryptokey to be used for protecting the disk.

All Cloud KMS cryptokeys are reside in a 'location'. To get a list of possiblelocations run 'gcloud kms locations list'. If this flag is set then kms-keyringand kms-key are required. Seehttps://cloud.google.com/compute/docs/disks/customer-managed-encryptionfor more details.

kms-keyring

The keyring which contains the Cloud KMS cryptokey that will protect the disk.

If this flag is set then kms-location and kms-key are required.

Seehttps://cloud.google.com/compute/docs/disks/customer-managed-encryptionfor more details.

replica-zones

Required for each regional disk associated with the instance. Specify the URLsof the zones where the disk should be replicated to. You must provide exactlytwo replica zones, and one zone must be the same as the instance zone.

--description=DESCRIPTION

Specifies a textual description for the instance template.

--discard-local-ssds-at-termination-timestamp=DISCARD_LOCAL_SSDS_AT_TERMINATION_TIMESTAMP

Required to be set totrue and only allowed for VMs that have oneor more local SSDs, use --instance-termination-action=STOP, and use either--max-run-duration or --termination-time.

This flag indicates the value that you want Compute Engine to use for the--discard-local-ssd flag in the automaticgcloud compute instancesstop command. This flag only supports thetrue value,which discards local SSD data when automatically stopping this VM during itsterminationTimestamp.

For more information about the--discard-local-ssd flag, seehttps://cloud.google.com/compute/docs/disks/local-ssd#stop_instance.

--disk=[auto-delete=AUTO-DELETE],[boot=BOOT],[device-name=DEVICE-NAME],[interface=INTERFACE],[mode=MODE],[name=NAME]

Attaches an existing disk to the instances.

name

The disk to attach to the instances. If you create more than one instance, youcan only attach a disk in read-only mode. By default, you attach a zonal disklocated in the same zone of the instance. If you want to attach a regional disk,you must specify the disk using its URI; for example,projects/myproject/regions/us-central1/disks/my-regional-disk.

mode

The mode of the disk. Supported options arero for read-only mode andrw for read-write mode. If omitted,rw is used as a default value. If you userw when creating more than one instance,you encounter errors.

boot

If set toyes, you attach a boot disk. Thevirtual machine then uses the first partition of the disk for the root filesystems. The default value for this isno.

device-name

An optional name to display the disk name in the guest operating system. Ifomitted, a device name of the formpersistent-disk-N is used.

auto-delete

If set toyes, the persistent disk isautomatically deleted when the instance is deleted. However, if you detach thedisk from the instance, deleting the instance doesn't delete the disk. Thedefault value isyes.

interface

The interface to use for the disk. The value must be one of the following:

• SCSI
• NVME

--[no-]enable-nested-virtualization

If set to true, enables nested virtualization for the instance. Use--enable-nested-virtualization to enable and--no-enable-nested-virtualization to disable.

--[no-]enable-uefi-networking

If set to true, enables UEFI networking for the instance creation. Use--enable-uefi-networking to enable and--no-enable-uefi-networking to disable.

--external-ipv6-address=EXTERNAL_IPV6_ADDRESS

Assigns the given external IPv6 address to the instance that is created. Theaddress must be the first IP address in the range. This option can be used onlywhen creating a single instance.

--external-ipv6-prefix-length=EXTERNAL_IPV6_PREFIX_LENGTH

The prefix length of the external IPv6 address range. This field should be usedtogether with--external-ipv6-address. Only the /96 IP addressrange is supported, and the default value is 96.

--host-error-timeout-seconds=HOST_ERROR_TIMEOUT_SECONDS

The timeout in seconds for host error detection. The value must be set with 30second increments, with a range of 90 to 330 seconds. If unset, the defaultbehavior of the host error recovery is used.

--instance-template-region=INSTANCE_TEMPLATE_REGION

Specifies the region of the regional instance template.

--instance-termination-action=INSTANCE_TERMINATION_ACTION

Specifies the termination action that will be taken upon VM preemption(--provisioning-model=SPOT) or automatic instance termination(--max-run-duration or --termination-time).

INSTANCE_TERMINATION_ACTION must be one of:

DELETE

Permanently delete the VM.

STOP

Default only for Spot VMs. Stop the VM without preserving memory. The VM can berestarted later.

--internal-ipv6-address=INTERNAL_IPV6_ADDRESS

Assigns the given internal IPv6 address or range to the instance that iscreated. The address must be the first IP address in the range or from a /96 IPaddress range. This option can be used only when creating a single instance.

--internal-ipv6-prefix-length=INTERNAL_IPV6_PREFIX_LENGTH

Optional field that indicates the prefix length of the internal IPv6 addressrange. It should be used together with --internal-ipv6-address. Only /96 IPaddress range is supported and the default value is 96. If not set, either theprefix length from --internal-ipv6-address will be used or the default value of96 will be assigned.

--ipv6-network-tier=IPV6_NETWORK_TIER

Specifies the IPv6 network tier that will be used to configure the instancenetwork interface IPv6 access config.IPV6_NETWORK_TIERmust be (only one value is supported):

PREMIUM

High quality, Google-grade network tier.

--key-revocation-action-type=POLICY

Specifies the behavior of the instance when the KMS key of one of its attacheddisks is revoked. The default is none.POLICY must beone of:

none

No operation is performed.

stop

The instance is stopped when the KMS key of one of its attached disks isrevoked.

--labels=[KEY=VALUE,…]

List of label KEY=VALUE pairs to add.

Keys must start with a lowercase character and contain only hyphens(-), underscores (_), lowercase characters, andnumbers. Values must contain only hyphens (-), underscores(_), lowercase characters, and numbers.

--local-ssd=[device-name=DEVICE-NAME],[interface=INTERFACE],[size=SIZE]

Attaches a local SSD to the instances.

device-name

Optional. A name that indicates the disk name the guest operating system willsee. Can only be specified ifinterface isSCSI. Ifomitted, a device name of the formlocal-ssd-N will be used.

interface

Optional. The kind of disk interface exposed to the VM for this SSD. Validvalues areSCSI andNVME. SCSI is the default and is supportedby more guest operating systems. NVME might provide higher performance.

size

Optional. The only valid value is375GB.Specify the--local-ssd flag multiple timesif you need multiple375GB local SSDpartitions. You can specify a maximum of 24 local SSDs for a maximum of9TB attached to an instance.

--local-ssd-recovery-timeout=LOCAL_SSD_RECOVERY_TIMEOUT

Specifies the maximum amount of time a Local Ssd Vm should wait while recoveryof the Local Ssd state is attempted. Its value should be in between 0 and 168hours with hour granularity and the default value being 1 hour.

--machine-type=MACHINE_TYPE

Specifies the machine type used for the instances. To get a list of availablemachine types, run 'gcloud compute machine-types list'. If unspecified, thedefault type is n1-standard-1.

--maintenance-policy=MAINTENANCE_POLICY

Specifies the behavior of the VMs when their host machines undergo maintenance.The default is MIGRATE. For more information, seehttps://cloud.google.com/compute/docs/instances/host-maintenance-options.MAINTENANCE_POLICY must be one of:

MIGRATE

The instances should be migrated to a new host. This will temporarily impact theperformance of instances during a migration event.

TERMINATE

The instances should be terminated.

--max-run-duration=MAX_RUN_DURATION

Limits how long this VM instance can run, specified as a duration relative tothe last time when the VM began running. Format the duration, MAX_RUN_DURATION,as the number of days, hours, minutes, and seconds followed by d, h, m, and srespectively. For example, specify30m for a duration of 30 minutesor specify1d2h3m4s for a duration of 1 day, 2 hours, 3 minutes,and 4 seconds. Alternatively, to specify a timestamp, use --termination-timeinstead.

If neither --max-run-duration nor --termination-time is specified (default), theVM instance runs until prompted by a user action or system event. If either isspecified, the VM instance is scheduled to be automatically terminated at theVM's termination timestamp (terminationTimestamp) using the actionspecified by --instance-termination-action.

Note: TheterminationTimestamp is removed whenever the VM isstopped or suspended and redefined whenever the VM is rerun. For--max-run-duration specifically, theterminationTimestamp is thesum of MAX_RUN_DURATION and the time when the VM last entered theRUNNING state, which changes whenever the VM is rerun.

--metadata=KEY=VALUE,[KEY=VALUE,…]

Metadata to be made available to the guest operating system running on theinstances. Each metadata entry is a key/value pair separated by an equals sign.Each metadata key must be unique and have a max of 128 bytes in length. Eachvalue must have a max of 256 KB in length. Multiple arguments can be passed tothis flag, e.g.,--metadatakey-1=value-1,key-2=value-2,key-3=value-3. The combinedtotal size for all metadata entries is 512 KB.

In images that have Compute Engine tools installed on them, such as theofficial images, thefollowing metadata keys have special meanings:

startup-script

Specifies a script that will be executed by the instances once they startrunning. For convenience,--metadata-from-file can be used to pullthe value from a file.

startup-script-url

Same asstartup-script except that thescript contents are pulled from a publicly-accessible location on the web.For startup scripts on Windows instances, the following metadata keys havespecial meanings:windows-startup-script-url,windows-startup-script-cmd,windows-startup-script-bat,windows-startup-script-ps1,sysprep-specialize-script-url,sysprep-specialize-script-cmd,sysprep-specialize-script-bat, andsysprep-specialize-script-ps1. For moreinformation, seeRunning startupscripts.

--metadata-from-file=KEY=LOCAL_FILE_PATH,[…]

Same as--metadata except that the valuefor the entry will be read from a local file. This is useful for values that aretoo large such asstartup-script contents.

--min-cpu-platform=PLATFORM

When specified, the VM will be scheduled on host with specified CPU architectureor a newer one. To list available CPU platforms in given zone, run:

gcloudcomputezonesdescribeZONE--format="value(availableCpuPlatforms)"

Default setting is "AUTOMATIC".

CPU platform selection is available only in selected zones.

You can find more information on-line:https://cloud.google.com/compute/docs/instances/specify-min-cpu-platform

--min-node-cpu=MIN_NODE_CPU

Minimum number of virtual CPUs this instance will consume when running on asole-tenant node.

--network=NETWORK

Specifies the network that the VM instances are a part of. If--subnet is also specified, subnet must be a subnetwork of thenetwork specified by this--network flag. If neither is specified,the default network is used.

--network-interface=[PROPERTY=VALUE,…]

Adds a network interface to the instance. Mutually exclusive with any of theseflags:--address,--network,--network-tier,--subnet,--private-network-ip,--stack-type,--ipv6-network-tier,--internal-ipv6-address,--internal-ipv6-prefix-length,--ipv6-address,--ipv6-prefix-length,--external-ipv6-address,--external-ipv6-prefix-length,--ipv6-public-ptr-domain. This flag can be repeated to specifymultiple network interfaces.

The following keys are allowed:

address

Assigns the given external address to the instance that is created. Specifyingan empty string will assign an ephemeral IP. Mutually exclusive with no-address.If neither key is present the instance will get an ephemeral IP.

network

Specifies the network that the interface will be part of. If subnet is alsospecified it must be subnetwork of this network. If neither is specified, thisdefaults to the "default" network.

no-address

If specified the interface will have no external IP. Mutually exclusive withaddress. If neither key is present the instance will get an ephemeral IP.

network-tier

Specifies the network tier of the interface.NETWORK_TIER must be one of:PREMIUM,STANDARD. The default value isPREMIUM.

private-network-ip

Assigns the given RFC1918 IP address to the interface.

subnet

Specifies the subnet that the interface will be part of. If network key is alsospecified this must be a subnetwork of the specified network.

nic-type

Specifies the Network Interface Controller (NIC) type for the interface.NIC_TYPE must be one of:GVNIC,VIRTIO_NET.

queue-count

Specifies the networking queue count for this interface. Both Rx and Tx queueswill be set to this number. If it's not specified, a default queue count will beassigned. Seehttps://cloud.google.com/compute/docs/network-bandwidth#rx-txfor more details.

stack-type

Specifies whether IPv6 is enabled on the interface.STACK_TYPE must be one of:IPV4_ONLY,IPV4_IPV6,IPV6_ONLY. Thedefault value isIPV4_ONLY.

ipv6-network-tier

Specifies the IPv6 network tier that will be used to configure the instancenetwork interface IPv6 access config.IPV6_NETWORK_TIER must bePREMIUM (currently only one value is supported).

internal-ipv6-address

Assigns the given internal IPv6 address or range to the instance that iscreated. The address must be the first IP address in the range or from a /96 IPaddress range. This option can be used only when creating a single instance.

internal-ipv6-prefix-length

Optional field that indicates the prefix length of the internal IPv6 addressrange. It should be used together with internal-ipv6-address. Only /96 IPaddress range is supported and the default value is 96. If not set, either theprefix length from --internal-ipv6-address will be used or the default value of96 will be assigned.

external-ipv6-address

Assigns the given external IPv6 address to the instance that is created. Theaddress must be the first IP address in the range. This option can be used onlywhen creating a single instance.

external-ipv6-prefix-length

The prefix length of the external IPv6 address range. This field should be usedtogether with external-ipv6-address. Only the /96 IP address range is supported,and the default value is 96.

ipv6-public-ptr-domain

Assigns a custom PTR domain for the external IPv6 in the IPv6 accessconfiguration of instance. If its value is not specified, the default PTR recordwill be used. This option can only be specified for the default networkinterface,nic0.

aliases

Specifies the IP alias ranges to allocate for this interface. If there aremultiple IP alias ranges, they are separated by semicolons.

For example:

--aliases="10.128.1.0/24;range1:/32"

Each IP alias range consists of a range name and a CIDR netmask (e.g./24) separated by a colon or just the netmask. The range name isthe name of the range within the network interface's subnet from which toallocate an IP alias range. If unspecified, it defaults to the primary IP rangeof the subnet. The IP allocator will pick an available range with the specifiednetmask and allocate it to this network interface.

network-attachment

Specifies the network attachment that this interface should connect to. Mutuallyexclusive with--network and--subnet flags.

vlan

VLAN ID of a Dynamic Network Interface, must be an integer in the range from 2to 255 inclusively.

--network-performance-configs=[PROPERTY=VALUE,…]

Configures network performance settings for the instance. If this flag is notspecified, the instance will be created with its default network performanceconfiguration.

total-egress-bandwidth-tier

Total egress bandwidth is the available outbound bandwidth from a VM, regardlessof whether the traffic is going to internal IP or external IP destinations. Thefollowing tier values are allowed: [DEFAULT,TIER_1]

--network-tier=NETWORK_TIER

Specifies the network tier that will be used to configure the instance.NETWORK_TIER must be one of:PREMIUM,STANDARD. The default value isPREMIUM.

--performance-monitoring-unit=PERFORMANCE_MONITORING_UNIT

The type of performance monitoring counters (PMCs) to enable in the instance.PERFORMANCE_MONITORING_UNIT must be one of:

architectural

This enables architecturally defined non-last level cache (LLC) events.

enhanced

This enables most documented core/L2 and LLC events.

standard

This enables most documented core/L2 events.

--preemptible

If provided, instances will be preemptible and time-limited. Instances might bepreempted to free up resources for standard VM instances, and will only be ableto run for a limited amount of time. Preemptible instances can not be restartedand will not migrate.

--private-ipv6-google-access-type=PRIVATE_IPV6_GOOGLE_ACCESS_TYPE

The private IPv6 Google access type for the VM.PRIVATE_IPV6_GOOGLE_ACCESS_TYPE must be one of:enable-bidirectional-access,enable-outbound-vm-access,inherit-subnetwork.

--private-network-ip=PRIVATE_NETWORK_IP

Specifies the RFC1918 IP to assign to the instance. The IP should be in thesubnet or legacy network IP range.

--provisioning-model=PROVISIONING_MODEL

Specifies the provisioning model for your VM instances. This choice affects theprice, availability, and how long your VM instances can run.PROVISIONING_MODEL must be one of:

FLEX_START

The VM instance is provisioned using the Flex Start provisioning model and has alimited runtime.

RESERVATION_BOUND

The VM instances run for the entire duration of their associated reservation.You can only specify this provisioning model if you want your VM instances toconsume a specific reservation with either a calendar reservation mode or adense deployment type.

SPOT

Compute Engine may stop a Spot VM instance whenever it needs capacity. BecauseSpot VM instances don't have a guaranteed runtime, they come at a discountedprice.

STANDARD

The default option. The STANDARD provisioning model gives you full control overyour VM instances' runtime.

--region=REGION

Region of the subnetwork to attach. If not specified, you might be prompted toselect a region (interactive mode only).

To avoid prompting when this flag is omitted, you can set thecompute/region property:

gcloudconfigsetcompute/regionREGION

A list of regions can be fetched by running:

gcloudcomputeregionslist

To unset the property, run:

gcloudconfigunsetcompute/region

Alternatively, the region can be stored in the environment variableCLOUDSDK_COMPUTE_REGION.

--resource-manager-tags=[KEY=VALUE,…]

Specifies a list of resource manager tags to apply to the instance.

--resource-policies=[RESOURCE_POLICY,…]

A list of resource policy names (not URLs) to be added to each instance createdusing this instance template. If you attach any resource policies to an instancetemplate, you can only use that instance template to create instances that arein the same region as the resource policies. Do not include resource policiesthat are located in different regions in the same instance template.

--restart-on-failure

The instances will be restarted if they are terminated by Compute Engine. Thisdoes not affect terminations performed by the user. Enabled by default, use--no-restart-on-failure to disable.

--shielded-integrity-monitoring

Enables monitoring and attestation of the boot integrity of the instance. Theattestation is performed against the integrity policy baseline. This baseline isinitially derived from the implicitly trusted boot image when the instance iscreated. This baseline can be updated by usinggcloud compute instancesupdate --shielded-learn-integrity-policy. On Shielded VM instances,integrity monitoring is enabled by default. For information about how to modifyShielded VM options, seehttps://cloud.google.com/compute/docs/instances/modifying-shielded-vm.For information about monitoring integrity on Shielded VM instances, seehttps://cloud.google.com/compute/docs/instances/integrity-monitoring."

--shielded-secure-boot

The instance boots with secure boot enabled. On Shielded VM instances, SecureBoot is not enabled by default. For information about how to modify Shielded VMoptions, seehttps://cloud.google.com/compute/docs/instances/modifying-shielded-vm.

--shielded-vtpm

The instance boots with the TPM (Trusted Platform Module) enabled. A TPM is ahardware module that can be used for different security operations such asremote attestation, encryption, and sealing of keys. On Shielded VM instances,vTPM is enabled by default. For information about how to modify Shielded VMoptions, seehttps://cloud.google.com/compute/docs/instances/modifying-shielded-vm.

--[no-]skip-guest-os-shutdown

If enabled, then, when the instance is stopped or deleted, the instance isimmediately stopped without giving time to the guest OS to cleanly shut down.Use--skip-guest-os-shutdown to enable and--no-skip-guest-os-shutdown to disable.

--source-instance=SOURCE_INSTANCE

The name of the source instance that the instance template will be created from.

--source-instance-zone=SOURCE_INSTANCE_ZONE

Zone of the instance to operate on. Overrides the defaultcompute/zone property value for this command invocation.

--stack-type=STACK_TYPE

Specifies whether IPv6 is enabled on the default network interface. If notspecified, IPV4_ONLY will be used.STACK_TYPE must beone of:

IPV4_IPV6

The network interface can have both IPv4 and IPv6 addresses

IPV4_ONLY

The network interface will be assigned IPv4 addresses

IPV6_ONLY

The network interface will be assigned IPv6 addresses

--subnet=SUBNET

Specifies the subnet that the VM instances are a part of. If--network is also specified, subnet must be a subnetwork of thenetwork specified by the--network flag.

--tags=TAG,[TAG,…]

Specifies a list of tags to apply to the instance. These tags allow networkfirewall rules and routes to be applied to specified VM instances. Seegcloud computefirewall-rules create(1) for more details.

To read more about configuring network tags, read this guide:https://cloud.google.com/vpc/docs/add-remove-network-tags

To list instances with their respective status and tags, run:

gcloudcomputeinstanceslist--format='table(name,status,tags.list())'

To list instances tagged with a specific tag,tag1, run:

gcloudcomputeinstanceslist--filter='tags:tag1'

--termination-time=TERMINATION_TIME

Limits how long this VM instance can run, specified as a time. Format the time,TERMINATION_TIME, as a RFC 3339 timestamp. For more information, seehttps://tools.ietf.org/html/rfc3339.Alternatively, to specify a duration, use --max-run-duration instead.

If neither --termination-time nor --max-run-duration is specified (default), theVM instance runs until prompted by a user action or system event. If either isspecified, the VM instance is scheduled to be automatically terminated at theVM's termination timestamp (terminationTimestamp) using the actionspecified by --instance-termination-action.

Note: TheterminationTimestamp is removed whenever the VM isstopped or suspended and redefined whenever the VM is rerun. For--termination-time specifically, theterminationTimestamp remainsthe same whenever the VM is rerun, but any requests to rerun the VM fail if thespecified timestamp is in the past.

--threads-per-core=THREADS_PER_CORE

The number of visible threads per physical core. To disable simultaneousmultithreading (SMT) set this to 1. Valid values are: 1 or 2.

For more information about configuring SMT, see:https://cloud.google.com/compute/docs/instances/configuring-simultaneous-multithreading.

--turbo-mode=TURBO_MODE

Turbo mode to use for the instance. Supported modes include:

• ALL_CORE_MAX

To achieve all-core-turbo frequency for more consistent CPU performance, set thefield to ALL_CORE_MAX. The field is unset by default, which results in maximumperformance single-core boosting.

--visible-core-count=VISIBLE_CORE_COUNT

The number of physical cores to expose to the instance's guest operating system.The number of virtual CPUs visible to the instance's guest operating system isthis number of cores multiplied by the instance's count of visible threads perphysical core.

At most one of these can be specified:

--address=ADDRESS

Assigns the given external IP address to the instance that is created. Thisoption can only be used when creating a single instance.

--no-address

If provided, the instances are not assigned external IP addresses. To pullcontainer images, you must configure private Google access if using ContainerRegistry or configure Cloud NAT for instances to access container imagesdirectly. For more information, see:

• https://cloud.google.com/vpc/docs/configure-private-google-access
• https://cloud.google.com/nat/docs/using-nat

Key resource - The Cloud KMS (Key Management Service) cryptokey that will beused to protect the disk. The 'Compute Engine Service Agent' service accountmust hold permission 'Cloud KMS CryptoKey Encrypter/Decrypter'. The arguments inthis group can be used to specify the attributes of this resource.

--boot-disk-kms-key=BOOT_DISK_KMS_KEY

ID of the key or fully qualified identifier for the key.

To set thekms-key attribute:

• provide the argument--boot-disk-kms-key on the command line.

This flag argument must be specified if any of the other arguments in this groupare specified.

--boot-disk-kms-keyring=BOOT_DISK_KMS_KEYRING

The KMS keyring of the key.

To set thekms-keyring attribute:

• provide the argument--boot-disk-kms-key on the command line with afully specified name;
• provide the argument--boot-disk-kms-keyring on the command line.

--boot-disk-kms-location=BOOT_DISK_KMS_LOCATION

The Google Cloud location for the key.

To set thekms-location attribute:

• provide the argument--boot-disk-kms-key on the command line with afully specified name;
• provide the argument--boot-disk-kms-location on the command line.

--boot-disk-kms-project=BOOT_DISK_KMS_PROJECT

The Google Cloud project for the key.

To set thekms-project attribute:

• provide the argument--boot-disk-kms-key on the command line with afully specified name;
• provide the argument--boot-disk-kms-project on the command line;
• set the propertycore/project.

At most one of these can be specified:

--confidential-compute

(DEPRECATED) The instance boots with Confidential Computing enabled.Confidential Computing is based on Secure Encrypted Virtualization (SEV), an AMDvirtualization feature for running confidential instances.

The --confidential-compute flag will soon be deprecated. Please use--confidential-compute-type=SEV instead

--confidential-compute-type=CONFIDENTIAL_COMPUTE_TYPE

The instance boots with Confidential Computing enabled. Confidential Computingcan be based on Secure Encrypted Virtualization (SEV) or Secure EncryptedVirtualization - Secure Nested Paging (SEV-SNP), both of which are AMDvirtualization features for running confidential instances. Trust DomaineXtension based on Intel virtualization features for running confidentialinstances is also supported.CONFIDENTIAL_COMPUTE_TYPEmust be one of:

SEV

Secure Encrypted Virtualization

SEV_SNP

Secure Encrypted Virtualization - Secure Nested Paging

TDX

Trust Domain eXtension

Custom machine type extensions.

--custom-cpu=CUSTOM_CPU

A whole number value specifying the number of cores that are needed in thecustom machine type.

For some machine types, shared-core values can also be used. For example, for E2machine types, you can specifymicro,small, ormedium.

This flag argument must be specified if any of the other arguments in this groupare specified.

--custom-memory=CUSTOM_MEMORY

A whole number value indicating how much memory is desired in the custom machinetype. A size unit should be provided (eg. 3072MB or 9GB) - if no units arespecified, GB is assumed.

This flag argument must be specified if any of the other arguments in this groupare specified.

--custom-extensions

Use the extended custom machine type.

--custom-vm-type=CUSTOM_VM_TYPE

Specifies a custom machine type. The default isn1. For moreinformation about custom machine types, see:https://cloud.google.com/compute/docs/general-purpose-machines#custom_machine_types

--image-project=IMAGE_PROJECT

The Google Cloud project against which all image and image family referenceswill be resolved. It is best practice to define image-project. A full list ofavailable projects can be generated by runninggcloud projects list.

• If specifying one of our public images, image-project must be provided.
• If there are several of the same image-family value in multiple projects,image-project must be specified to clarify the image to be used.
• If not specified and either image or image-family is provided, the currentdefault project is used.

At most one of these can be specified:

--image=IMAGE

Specifies the boot image for the instances. For each instance, a new boot diskwill be created from the given image. Each boot disk will have the same name asthe instance. To view a list of public images and projects, run$gcloud compute imageslist. It is best practice to use--image when a specificversion of an image is needed.

When using this option,--boot-disk-device-name and--boot-disk-size can be used to overridethe boot disk's device name and size, respectively.

--image-family=IMAGE_FAMILY

The image family for the operating system that the boot disk will be initializedwith. Compute Engine offers multiple Linux distributions, some of which areavailable as both regular and Shielded VM images. When a family is specifiedinstead of an image, the latest non-deprecated image associated with that familyis used. It is best practice to use--image-family when the latestversion of an image is needed.

By default,debian-12 is assumed for thisflag.

Sole Tenancy.

At most one of these can be specified:

--node=NODE

The name of the node to schedule this instance on.

--node-affinity-file=PATH_TO_FILE

The JSON/YAML file containing the configuration of desired nodes onto which thisinstance could be scheduled. These rules filter the nodes according to theirnode affinity labels. A node's affinity labels come from the node template ofthe group the node is in.

The file should contain a list of a JSON/YAML objects. For an example, seehttps://cloud.google.com/compute/docs/nodes/provisioning-sole-tenant-vms#configure_node_affinity_labels.The following list describes the fields:

key

Corresponds to the node affinity label keys of the Node resource.

operator

Specifies the node selection type. Must be one of:IN: RequiresCompute Engine to seek for matched nodes.NOT_IN: Requires ComputeEngine to avoid certain nodes.

values

Optional. A list of values which correspond to the node affinity label values ofthe Node resource.

Use a full or relative path to a local file containing the value ofnode_affinity_file.

--node-group=NODE_GROUP

The name of the node group to schedule this instance on.

Specifies the reservation for instances created from this template.

--reservation=RESERVATION

The name of the reservation, required when--reservation-affinity=specific.

--reservation-affinity=RESERVATION_AFFINITY; default="any"

The type of reservation for instances created from this template.RESERVATION_AFFINITY must be one of:

any

Consume any available, matching reservation.

none

Do not consume from any reserved capacity.

specific

Must consume from a specific reservation.

At most one of these can be specified:

--scopes=[SCOPE,…]

If not provided, the instance will be assigned the default scopes, describedbelow.

SCOPE can be either the full URI of the scope or an alias.Defaultscopes are assigned to all instances. Available aliases are:

Alias	URI
bigquery	https://www.googleapis.com/auth/bigquery
cloud-platform	https://www.googleapis.com/auth/cloud-platform
cloud-source-repos	https://www.googleapis.com/auth/source.full_control
cloud-source-repos-ro	https://www.googleapis.com/auth/source.read_only
compute-ro	https://www.googleapis.com/auth/compute.readonly
compute-rw	https://www.googleapis.com/auth/compute
datastore	https://www.googleapis.com/auth/datastore
default	https://www.googleapis.com/auth/devstorage.read_only
	https://www.googleapis.com/auth/logging.write
	https://www.googleapis.com/auth/monitoring.write
	https://www.googleapis.com/auth/pubsub
	https://www.googleapis.com/auth/service.management.readonly
	https://www.googleapis.com/auth/servicecontrol
	https://www.googleapis.com/auth/trace.append
gke-default	https://www.googleapis.com/auth/devstorage.read_only
	https://www.googleapis.com/auth/logging.write
	https://www.googleapis.com/auth/monitoring
	https://www.googleapis.com/auth/service.management.readonly
	https://www.googleapis.com/auth/servicecontrol
	https://www.googleapis.com/auth/trace.append
logging-write	https://www.googleapis.com/auth/logging.write
monitoring	https://www.googleapis.com/auth/monitoring
monitoring-read	https://www.googleapis.com/auth/monitoring.read
monitoring-write	https://www.googleapis.com/auth/monitoring.write
pubsub	https://www.googleapis.com/auth/pubsub
service-control	https://www.googleapis.com/auth/servicecontrol
service-management	https://www.googleapis.com/auth/service.management.readonly
sql (deprecated)	https://www.googleapis.com/auth/sqlservice
sql-admin	https://www.googleapis.com/auth/sqlservice.admin
storage-full	https://www.googleapis.com/auth/devstorage.full_control
storage-ro	https://www.googleapis.com/auth/devstorage.read_only
storage-rw	https://www.googleapis.com/auth/devstorage.read_write
taskqueue	https://www.googleapis.com/auth/taskqueue
trace	https://www.googleapis.com/auth/trace.append
userinfo-email	https://www.googleapis.com/auth/userinfo.email

DEPRECATION WARNING:https://www.googleapis.com/auth/sqlserviceaccount scope andsql alias do not provide SQL instance managementcapabilities and have been deprecated. Please, usehttps://www.googleapis.com/auth/sqlservice.adminorsql-admin to manage your Google SQL Service instances.

--no-scopes

Create instance without scopes

At most one of these can be specified:

--service-account=SERVICE_ACCOUNT

A service account is an identity attached to the instance. Its access tokens canbe accessed through the instance metadata server and are used to authenticateapplications on the instance. The account can be set using an email addresscorresponding to the required service account.

If not provided, the instance will use the project's default service account.

--no-service-account

Create instance without service account

--service-proxy=[enabled],[access-log=ACCESS-LOG],[network=NETWORK],[proxy-port=PROXY-PORT],[serving-ports=SERVING-PORTS],[tracing=TRACING]

Controls whether the Traffic Director service proxy (Envoy) and agent areinstalled and configured on the VM. "cloud-platform" scope is enabledautomatically to allow connections to the Traffic Director API. Do not use the--no-scopes flag.

enabled

If specified, the service-proxy software will be installed when the instance iscreated. The instance is configured to work with Traffic Director.

serving-ports

Semi-colon-separated (;) list of the ports, specified inside quotation marks("), on which the customer's application/workload is serving.

For example:

serving-ports="80;8080"

The service proxy will intercept inbound traffic, then forward it to thespecified serving port(s) on localhost. If not provided, no incoming traffic isintercepted.

proxy-port

The port on which the service proxy listens. The VM intercepts traffic andredirects it to this port to be handled by the service proxy. If omitted, thedefault value is '15001'.

tracing

Enables the service proxy to generate distributed tracing information. If set toON, the service proxy's control plane generates a configuration that enablesrequest ID-based tracing. For more information, refer to thegenerate_request_id documentation for the Envoy proxy. Allowedvalues areON andOFF.

access-log

The filepath for access logs sent to the service proxy by the control plane. Allincoming and outgoing requests are recorded in this file. For more information,refer to the file access log documentation for the Envoy proxy.

network

The name of a valid VPC network. The Google Cloud Platform VPC network used bythe service proxy's control plane to generate dynamic configuration for theservice proxy.

--service-proxy-labels=[KEY=VALUE, …,…]

Labels that you can apply to your service proxy. These will be reflected in yourEnvoy proxy's bootstrap metadata. These can be anykey=value pairsthat you want to set as proxy metadata (for example, for use with configfiltering). You might use these flags for application and version labels:app=review and/orversion=canary.

Run$gcloud help for details.